← back
CVE-2023-30837

Vyper storage allocator overflow

CVSS 7.5 HIGHEPSS 0.7%CWE-789
Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected products
vyperlang · vyper

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/vyperlang/vyper/commit/0bb7203b584e771b23536ba065a6efda457161bbhttps://github.com/vyperlang/vyper/security/advisories/GHSA-mgv8-gggw-mrg6